Interface MAC

    • Method Summary

      Modifier and Type   Method                                    Description
      byte[]              doFinal()
      byte[]              doFinal(byte[] input)
      void                doFinal(byte[] buf, int offset)
      int                 getBlockSize()
      void                init(byte[] key)
      boolean             isEtm()                                   Indicates that an Encrypt-Then-Mac algorithm was selected.
      void                update(byte[] foo)
      void                update(byte[] foo, int start, int len)
      void                update(long foo)
    • Method Detail

      • doFinal

        byte[] doFinal()
      • doFinal

        byte[] doFinal​(byte[] input)
      • doFinal

        void doFinal​(byte[] buf,
                     int offset)
      • getBlockSize

        int getBlockSize()
      • init

        void init​(byte[] key)
      • update

        void update​(byte[] foo)
      • update

        void update​(byte[] foo,
                    int start,
                    int len)
      • update

        void update​(long foo)
      • isEtm

        boolean isEtm()
        Indicates that an Encrypt-Then-Mac algorithm was selected.

        This has the following implementation details.

        1.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms

        OpenSSH supports MAC algorithms, whose names contain "-etm", that perform the calculations in a different order to that defined in RFC 4253. These variants use the so-called "encrypt then MAC" ordering, calculating the MAC over the packet ciphertext rather than the plaintext. This ordering closes a security flaw in the SSH transport protocol, where decryption of unauthenticated ciphertext provided a "decryption oracle" that could, in conjunction with cipher flaws, reveal session plaintext.

        Specifically, the "-etm" MAC algorithms modify the transport protocol to calculate the MAC over the packet ciphertext and to send the packet length unencrypted. This is necessary for the transport to obtain the length of the packet and location of the MAC tag so that it may be verified without decrypting unauthenticated data.

        As such, the MAC covers:

        mac = MAC(key, sequence_number || packet_length || encrypted_packet)

        where "packet_length" is encoded as a uint32 and "encrypted_packet" contains:

        byte      padding_length
        byte[n1]  payload; n1 = packet_length - padding_length - 1
        byte[n2]  random padding; n2 = padding_length

        Returns:
        Whether the MAC algorithm is an Encrypt-Then-Mac algorithm
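
The receive-side order of operations described above, as an added example that is not part of this library or of OpenSSH: the tag is checked over sequence_number || packet_length || encrypted_packet before anything is decrypted. It uses the JDK's javax.crypto.Mac with HMAC-SHA-256 as an assumed MAC; the class name, the MAX_PACKET bound, and the sample key and ciphertext are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class EtmVerifyExample {
    static final int TAG_LEN = 32;            // HMAC-SHA-256 tag size
    static final int MAX_PACKET = 256 * 1024; // assumed sanity bound for this example

    // mac = MAC(key, sequence_number || packet_length || encrypted_packet)
    static byte[] tag(byte[] key, int seq, byte[] lenAndCiphertext, int n) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(ByteBuffer.allocate(4).putInt(seq).array()); // uint32, big-endian
        mac.update(lenAndCiphertext, 0, n);
        return mac.doFinal();
    }

    // Returns the still-encrypted packet if the tag verifies, otherwise null.
    static byte[] verify(byte[] key, int seq, byte[] wire) throws Exception {
        if (wire.length < 4 + TAG_LEN) return null;
        int packetLength = ByteBuffer.wrap(wire).getInt(); // sent unencrypted in ETM mode
        // Bound the attacker-controlled length before using it in any arithmetic.
        if (packetLength < 1 || packetLength > MAX_PACKET
                || wire.length != 4 + packetLength + TAG_LEN) return null;
        byte[] expected = tag(key, seq, wire, 4 + packetLength);
        byte[] received = Arrays.copyOfRange(wire, 4 + packetLength, wire.length);
        if (!MessageDigest.isEqual(expected, received)) return null; // constant-time compare
        return Arrays.copyOfRange(wire, 4, 4 + packetLength); // only now passed to the cipher
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];        // constructed all-zero key, illustration only
        byte[] ciphertext = new byte[16]; // constructed stand-in for encrypted_packet
        Arrays.fill(ciphertext, (byte) 0xA5);
        int seq = 7;
        ByteBuffer buf = ByteBuffer.allocate(4 + ciphertext.length + TAG_LEN);
        buf.putInt(ciphertext.length).put(ciphertext);
        buf.put(tag(key, seq, buf.array(), 4 + ciphertext.length));
        byte[] wire = buf.array();

        System.out.println("valid:     " + (verify(key, seq, wire) != null));
        wire[5] ^= 1; // flip one ciphertext bit
        System.out.println("tampered:  " + (verify(key, seq, wire) != null));
        wire[5] ^= 1; // restore, then replay under a different sequence number
        System.out.println("wrong seq: " + (verify(key, seq + 1, wire) != null));
    }
}
```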